VDB
CVE-2022-23476
CVE-2022-23476
PUBLISHED
CVSS 7.5 HIGH
Unchecked return value from xmlTextReaderExpand
EPSS 0.26% · 49.2th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.26%
49.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RubyGems | nokogiri | 1.13.8 |
| sparklemotion | nokogiri | >= 1.13.8, < 1.13.10 |
| nokogiri | nokogiri | 1.13.8, 1.13.9 |
Timeline
- Dec 8, 2022 CVE Published
- Dec 8, 2022 EPSS Score
- Dec 8, 2022 PoC Published
- Dec 10, 2022 CVE Updated
- Jan 19, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 13, 2023 EPSS Score
- Jul 6, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Sep 28, 2023 EPSS Score
- Nov 9, 2023 EPSS Score
References
- https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj url
- https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce url
- https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-23476 advisory
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml url
- https://github.com/sparklemotion/nokogiri package